/**
 * 
 */
package org.kad.gwt.web.client.applet.internal.certif;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V1CertificateGenerator;

/**
 * @author Capgemini - Pierrick HYMBERT
 *
 */
public class CreateAutoSignGWTKadCertif {
    static {
        // adds the Bouncy castle provider to java security
        Security.addProvider(new BouncyCastleProvider());
    }
    private static final String keystore = "src/main/sign/gwtkad.jks";
    private static final String alias = "gwtkad";
    private static final String keyPass = "gwtkad-pass";
    private static final String keystorePass = "gwtkad-store";
    public static void main(String[] args) throws Exception {
        // yesterday
        Calendar validityBeginDate = Calendar.getInstance();
        validityBeginDate.add(Calendar.DAY_OF_MONTH, -1);
        // in 2 years
        Calendar validityEndDate = Calendar.getInstance();
        validityEndDate.add(Calendar.YEAR, 5);

        // GENERATE THE PUBLIC/PRIVATE RSA KEY PAIR
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(1024, new SecureRandom());

        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        // GENERATE THE X509 CERTIFICATE
        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        X500Principal dnName = new X500Principal("CN=gwtkad");

        certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        certGen.setSubjectDN(dnName);
        certGen.setIssuerDN(dnName); // use the same
        certGen.setNotBefore(validityBeginDate.getTime());
        certGen.setNotAfter(validityEndDate.getTime());
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

        X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");

        // initializing and clearing keystore 
        KeyStore ks = KeyStore.getInstance("JKS", "SUN");
        ks.load( null , keystorePass.toCharArray());
        System.out.println("Using keystore-file : "+keystore);
        ks.store(new FileOutputStream ( keystore  ),
                keystorePass.toCharArray());
        ks.load(new FileInputStream ( keystore ),
                keystorePass.toCharArray());
        // storing keystore
        ks.setKeyEntry(alias, keyPair.getPrivate(), 
                        keyPass.toCharArray(),
                       new Certificate[] {cert} );
        System.out.println ("Key and certificate stored.");
        ks.store(new FileOutputStream ( keystore ),
                keystorePass.toCharArray());
    }
}
